Skip to main content

Risk alert: Medical records phishing scams

 The CMS is urging physicians to be on the look out for fraudulent medical records requests. These phishing scams typically employ fake medical records request forms sent to physician practices via fax or email. Here is a sample fraudulent request. 

 Physician are urged to review any medical records requests for signs of a scam, including: 

  • directing you to send records to an unfamiliar fax number or address;
  • referencing Medicare.gov or @Medicare (.gov);
  • indicating they need records to “update insurance accordingly”;
  • bad grammar, misspellings, or strange wording;
  • incorrect phone numbers;
  • skewed or outdated logos; and ;
  • graphics that are copied and pasted.

If you have received suspicious requests, CMS asks that you work with your Medical Review Contractor  to verify the request. Submit medical documentation through the Electronic Submission of Medical Documentation (esMD) system or CMS medical review contractor secure internet portals.